I have received some feedback on this message.
Port 3389 is used by Microsoft Terminal Server and 1813 is used by RADIUS (normally as UDP).

The combination with other proxy ports would indicate that there may be an exploit of Microsoft ISA server which uses all of these ports and is often used as a firewall/cache proxy.

The source IP for these probes is owned by Intel, so it seemed unlikely that it was a script kiddie, but an exploit worm for ISA/Terminal Server seems a possibility. There have been recent problems with some RADIUS software.

I also received more proxy scans this morning, with 2 separate IPs scanning for the same ports in a fast scan. Have others found this in their IDS/firewall logs? (times are EDT UTC-400)

My home cable modem with switch recorded this interesting scan this afternoon (times EDT).
I know about 8080 and 3128 (SQUID proxy ports), but what are 3389 and 1813, especially since there was a bigger push on 1813?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
